Head of Risk and Regulatory Compliance

We are seeking an experienced Head of Risk & Regulatory Compliance to lead the local risk management and regulatory compliance framework of our Croatian entity, which is applying for authorisation as a Crypto-Asset Service Provider (CASP) under the EU Markets in Crypto-Assets Regulation (MiCA). 

 The role is responsible for establishing and maintaining a robust risk management and compliance framework, ensuring that the company operates in full alignment with applicable European and Croatian regulatory requirements. 

 Operating within a wider group of regulated financial institutions, the Head of Risk & Regulatory Compliance will ensure that the Croatian entity maintains strong governance, internal controls, and regulatory oversight, while aligning with group-wide risk and compliance standards. 

 
Your Role:

• Establish and maintain the organisation’s risk management framework, aligned with group policies and EU regulatory expectations. 

• Identify, assess, and monitor key risk categories including: operational risk, regulatory risk, ICT and cybersecurity risk, third-party and outsourcing risk, financial crime risk. 

• Develop and maintain the organisation’s risk appetite framework and risk monitoring processes. 

• Prepare regular risk reports and dashboards for senior management and the Board. 

• Ensure the organisation complies with all relevant regulatory requirements including: MiCA, DORA, EU AML/CFT framework. 

• Croatian financial services regulation. 

• Monitor regulatory developments and ensure internal policies are updated accordingly. 

• Maintain and oversee the organisation’s regulatory compliance programme. 

• Provide guidance to management and internal teams on regulatory obligations. 

• Support the organisation’s CASP authorisation and ongoing regulatory supervision. 

• Maintaining compliance with MiCA governance, operational, and safeguarding requirements. 

• Supporting regulatory reporting obligations. 

• Ensuring operational procedures align with regulatory expectations for crypto-asset service providers. 

• Preparing documentation and responding to regulatory enquiries. 

• Support the implementation and oversight of the organisation’s Digital Operational Resilience (DORA) framework. 

• Ensuring the organisation maintains a robust ICT risk management framework. 

• Overseeing ICT third-party risk management and monitoring technology service providers. 

• Supporting the maintenance of the register of ICT service providers required under DORA. 

• Ensuring ICT incidents are properly classified, escalated, and reported. 

• Supporting resilience testing and operational continuity planning. 

• Maintain oversight of all outsourcing arrangements and third-party service providers. 

• Ensure outsourcing arrangements comply with EBA outsourcing guidelines. 

• Perform due diligence and risk assessments for new service providers. 

• Maintain the organisation’s outsourcing register and documentation. 

• Monitor service provider performance and risk exposure. 

• Develop and maintain key internal governance documents including:
  risk policies, compliance policies, internal control frameworks, outsourcing governance procedures. 

• Ensure segregation of duties and internal control mechanisms are properly implemented. 

• Provide risk and compliance input to new products, partnerships, and operational processes. 

• With the Bord of Directors, act as the primary liaison with regulatory authorities in Croatia. 

• Coordinate regulatory inspections and supervisory reviews. 

• Support internal and external audits related to risk and compliance. 

• Prepare regulatory reporting and documentation required by supervisory authorities. 
  

• What We're Looking For:

• Bachelor’s or Master’s degree in Law, Finance, Risk Management, Economics, or a related discipline. 

• 7+ years experience in risk management, compliance, or regulatory roles. 

• Experience working in regulated financial institutions, fintech, or crypto-asset businesses. 

• Familiarity with EU financial services regulation including MiFID, MiCA, DORA, and AML frameworks. 

• Experience interacting with regulatory authorities. 

• Relevant certifications are advantageous. 

• Strong understanding of regulatory frameworks for financial institutions 

• Expertise in enterprise risk management and compliance governance 

• Experience managing outsourcing and third-party risk 

• Strong analytical and problem-solving capabilities 

• Excellent policy drafting and regulatory interpretation skills 

• Strong communication and stakeholder management abilities. 

• The successful candidate will be subject to a mandatory F&P pre-assessment. 

• Must meet Annex II – Skills of the EBA/ESMA suitability guidelines for members of the management body and key function holders. 

• Must meet ESMA Fit & Proper assessment guidelines for CASPs under MiCA. 

• The ideal candidate has already previously obtained a F&P approval. 

What We Offer:

• Competitive market rate salary and performance-based incentives

• 22 days annual leave with an additional 6 company days, plus bank holidays

• Comprehensive health insurance plans

• Extensive Benefits program

• Flexible work schedule and remote work options

• Professional development and training opportunities

• Opportunity to shape the initiatives you’re working on

• Diverse and friendly team

• We are open-minded to new ideas